Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

iChain Security concern with Mini FTP Server Administration and path disclosure

(Last modified: 11Mar2005)

This document (10096886) is provided subject to the disclaimer at the end of this document.

fact

iChain 2.3

iChain 2.2

iChain 2.3 Support Pack 2 applied (ic23sp2.exe)

Mini FTP server enabled on iChain

No access control for iChain GUI management in place

symptom

iChain Security concern with Mini FTP Server Administration and path disclosure

Can view iChain FTP server path without authenticating

Can execute the FTP PWD command without authentication

fix

Defect entered on this. It is low priority because the FTP directory is documented in the iChain 23 documentation anyway.

note

Thanks to Francisco Amato for notifying Novell of this issue.

Francisco Amato
Infobyte Security Research
www.infobyte.com.ar

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID:
  • 10096886
  • Solution ID: NOVL101284
  • Creation Date: 08Mar2005
  • Modified Date: 11Mar2005
    • NetIQiChain

Did this document solve your problem? Provide Feedback